forked from OpenC2-org/openc2-org.github.io
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfaq.html
485 lines (458 loc) · 27.9 KB
/
faq.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
---
layout: page
title: FAQ
pageHeading: Frequently Asked Questions
permalink: /faq.html
---
<main id="main">
<!-- ======= Frequently Asked Questions Section ======= -->
<section id="faq" class="faq section-bg">
<div class="container" data-aos="fade-up">
<div class="faq-list faq-list-lg">
<ul>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" class="collapse"
href="#faq-list-1">What is OpenC2? <em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-1" class="collapse show" data-parent=".faq-list">
<p>
OpenC2 is a standardized language for machine-to-machine communications for the command and control of technologies that provide or support cyber defenses. The <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2">OpenC2 Technical Committee</a> is developing a suite of specifications that define the OpenC2 language, tailor its use to specific cyber defense functions, and specify how to convey OpenC2 messages using various industry-standard transfer protocols.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-2"
class="collapsed">What is the difference between OpenC2 and OASIS? <em
class="bx bx-chevron-down icon-show"></em><em class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-2" class="collapse" data-parent=".faq-list">
<p>
<a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2">OpenC2</a> is an open source language, available for use and input across the cyber-security community. Many open source languages and technologies benefit from support of standards bodies, to help guide and champion on-going use and evolution of the software or technology. OpenC2 is a project under <a href="https://www.oasis-open.org/">OASIS</a>. OASIS is the <strong>O</strong>rganization for the <strong>A</strong>dvancement of <strong>S</strong>tructured <strong>I</strong>nformation <strong>S</strong>tandards, a nonprofit international consortium that develops open IT standards.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-3"
class="collapsed">How is the "suite" of OpenC2 Specifications organized?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-3" class="collapse" data-parent=".faq-list">
<p>As described in the <a
href="https://docs.oasis-open.org/openc2/oc2arch/v1.0/oc2arch-v1.0.html"><em>OpenC2
Architecture Specification</em></a>, there are
multiple types of OpenC2 specifications, meant to
be used in concert:</p>
<ul>
<li><p>The <a
href="https://docs.oasis-open.org/openc2/oc2arch/v1.0/oc2arch-v1.0.html"><em>OpenC2
Architecture Specification</em></a> describes the fundamental
structures of OpenC2.</p>
</li>
<li><p>The <a
href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html"><em>OpenC2
Language Specification</em></a> provides the essential elements
of the language, the structure for Commands and Responses, and
the mechanisms for extending the OpenC2 language.</p>
</li>
<li><p><a
href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2#technical"><strong>OpenC2
Actuator Profiles</strong></a> specify the subset of the OpenC2
language relevant in the context of specific actuator functions
(e.g., <a
href="https://docs.oasis-open.org/openc2/oc2slpf/v1.0/oc2slpf-v1.0.html">packet
filtering</a>, honeypots).</p>
</li>
<li><p><a
href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2#technical"><strong>OpenC2
Transfer Specifications</strong></a> utilize existing protocols
and standards (e.g., <a
href="https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.html">HTTPS</a>,
<a
href="https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/transf-mqtt-v1.0.html">MQTT</a>)
to implement OpenC2 message transfer in specific
environments.</p>
</li>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-3"
class="collapsed">What can OpenC2 do for me? <em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-3" class="collapse" data-parent=".faq-list">
<p>
As cyber-defense technology vendors and providers adopt OpenC2, OpenC2 can dramatically improve incident
response to cyber-threats and allow for enterprise wide interoperability for cyber-security policy
orchestration. Management and development of cyber-defense responses is simplified and greater
collaboration and integration across a wide range of technologies is enabled.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-4"
class="collapsed">How can I access OpenC2?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-4" class="collapse" data-parent=".faq-list">
<p>
OASIS Specifications are open for all to use. The TC's <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2">home page at OASIS</a> lists the <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2#technical">officially published specifications</a>. This website includes a list of all <a href="https://openc2.org/openc2-org.github.io/specifications.html">OpenC2 specifications (published and under development)</a>, and a collection of <a href="https://openc2.org/openc2-org.github.io/opensource.html">open source software tooling</a> to add in implementing OpenC2.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-5"
class="collapsed">Do I have to be a member of OASIS to use OpenC2?<em
class="bx bx-chevron-down icon-show"></em><em class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-5" class="collapse" data-parent=".faq-list">
<p>
No, OASIS OpenC2 specifications are available to all. There are no known intellectual property rights associated with OpenC2. See <a rel="noopener noreferrer" target="_blank" href="https://www.oasis-open.org/committees/openc2/ipr.php">this page</a> for additional information.
</p>
<p>
If you desire to participate in the OpenC2 Technical Committee and draft future specifications, then OASIS membership would be required.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-6"
class="collapsed">How long has this been around?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-6" class="collapse" data-parent=".faq-list">
<p>
The OASIS OpenC2 TC was formed in 2017 and the first 3 OpenC2 Specifications were approved in 2019. The OpenC2 TC continues to develop and improve the specifications in the suite.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-7"
class="collapsed">What similiar efforts exist? <em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-7" class="collapse" data-parent=".faq-list">
<p>
* * * To Be Supplied * * *
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">Is there an OpenC2 API?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
The OpenC2 Language Specification and Actuator
Profiles taken together define the request and
response message content and expected actions,
and a Transfer Specification defines the
communications method. The exchange of OpenC2
command and response messages using the <a
rel="noopener noreferrer" target="_blank"
href="https://docs.oasis-open.org/openc2/open-impl-https/v1.0/open-impl-https-v1.0.html">HTTPS
Transfer Specification</a> can be considered a
Remote Procedure Call (RPC)-style Web API. OpenC2
does not have a Web API defined in terms of
Representational State Transfer (REST).
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-10"
class="collapsed">What is the TC's process for creating work products? <em
class="bx bx-chevron-down icon-show"></em><em class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-10" class="collapse" data-parent=".faq-list">
<p>
The OpenC2 TC's process for creating and managing work products is captured in the TC's <a
rel="noopener noreferrer" target="_blank"
href="https://github.com/oasis-tcs/openc2-tc-ops/blob/master/Documentation-Norms.md">Documentation
Norms</a>
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-11"
class="collapsed">What is the meeting schedule? <em
class="bx bx-chevron-down icon-show"></em><em class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-11" class="collapse" data-parent=".faq-list">
<p>
OpenC2 meetings are routinely conducted
Wednesdays at 11:00am Eastern Time ("OpenC2
Time"). All meetings are nominally scheduled for
1 hour duration, and are conducted using <a
href="https://www.lucidmeetings.com/">Lucid
Meetings</a>.</p>
<p>Our meeting formats are:</p>
<ul>
<li>TC Monthly Meeting: 3rd Wednesday of each month, in two
sessions</li>
<li>Working Meetings: 1st, 2nd, and 4th Wednesdays of each
month</li>
</ul>
<p>The monthly TC meeting on the third Wednesday of each month
<strong>counts towards voting rights</strong> and is where the TC
conducts official business. The monthly meeting is held in two
sessions to facilitate member participation across timezones:</p>
<ul>
<li>First session: 11:00 AM Eastern</li>
<li>Second session: 9:00 PM Eastern</li>
</ul>
<p>
The same agenda is used for both sessions, and
the two sessions are treated as a single meeting
for purposes of attendance and meeting minutes.
Attendance is only required at one of the two
sessions in order to maintain voting rights.
</p>
<p>
The TC also holds working meetings on the 1st,
2nd, and 4th Wednesdays at 11 AM Eastern. These
meetings focus on current work product
development activities, technical issue
resolution, and related topics (see the <a
href="https://github.com/oasis-tcs/openc2-tc-ops/blob/main/Working-Meeting-Process.md">Working
Meeting Process</a> document).
</p>
<p>There is no meeting on the 5th Wednesday of the month, if any.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to the OASIS <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cacao">Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
CACAO's goal is defining the standard for
creating machine-readable course of action
playbooks for cybersecurity operations. CACAO
will have the ability of integrating different
languages for controlling components that are
part of cyber defense ecosystems, thus, OpenC2 is
a candidate.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to STIX <a href="https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_a925mpw39txn">Course of Action (COA)</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
Structured Threat Information Expression (STIX™)
is a language and serialization format used to
exchange cyber threat intelligence (CTI). One of
the STIX Domain Objects (SDOs), Course of Action,
has the ability to capture structured/automated
courses of action. OpenC2 can be utilized to
populate STIX COA SDOs for sharing automated
courses of action for the purpose of responding
to cyber incidents in cyber-relevant time.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://www.misp-project.org/features.html">MISP</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
MISP originally stood for Malware Information
Sharing Platform but it has evolved to "Open
Source Threat Intelligence Platform & Open
Standards For Threat Information Sharing"
according to its homepage.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://www.opendxl.com/">OpenDXL</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
OpenDXL is an initiative to create adaptive
systems of interconnected services that
communicate and share information for real-time,
accurate security decisions and actions. As a
communications fabric, OpenDXL supports both
point-to-point and publish / subscribe
communications models. OpenDXL could be used as a
communications fabric for OpenC2, but no transfer
specification has been formalized for it.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to the <a href="https://opencybersecurityalliance.org/">Open Cybersecurity Alliance</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
* * * To Be Supplied * * *
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to the Open Cybersecurity Alliance's <a href="https://github.com/opencybersecurityalliance/oca-ontology">OCA Ontology</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
The OCA Ontology (formerly known as the OCA
OpenDXL Ontology) is "an effort to bring semantic
consistency to the full spectrum of enterprise
cyber security." Creating a common vernacular
among different vendors and cybersecurity
sub-disciplines, and establishing "formal,
machine-readable representations" are means to
improve interoperability, which OpenC2 should be
able to leverage.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to the <a href="https://openconnectivity.org/">Open Connectivity Foundation</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
* * * To Be Supplied * * *
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to the <a href="https://pages.nist.gov/OSCAL/">Open Security Controls Assessment Language (OSCAL)</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
OSCAL is a set of formats expressed in XML, JSON,
and YAML. These formats provide machine-readable
representations of control catalogs, control
baselines, system security plans, and assessment
plans and results. OSCAL development is being
managed in a GitHub repository.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to the <a href="https://www.first.org/iep/">FIRST Information Exchange Policy (IEP)</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
IEP is a framework that Computer Security
Incident Response Teams (CSIRT), security
communities, organizations, and vendors may
consider implementing to support their
information sharing and information exchange
initiatives.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://github.com/google/turbinia">Turbinia</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
Turbinia is an open-source framework from Google
for deploying, managing, and running distributed
forensic workloads.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://opendds.org/">OpenDDS</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
OpenDDS is an open source C++ implementation of
the Object Management Group (OMG) <a
href="https://www.omg.org/spec/DDS/About-DDS/">Data
Distribution Service (DDS)</a>, a Data-Centric
Publish-Subscribe (DCPS) model for distributed
application communication and integration.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://www.onap.org/">Open Network Automation Platform (ONAP)</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
* * * To Be Supplied * * *
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://csrc.nist.gov/projects/security-content-automation-protocol">Security Content Automation Protocol (SCAP)</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
* * * To Be Supplied * * *
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to Business Process Modeling Notation (BPMN)?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
* * * To Be Supplied * * *
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://datatracker.ietf.org/doc/rfc8322/">ROLIE</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
ROLIE is the Resource-Oriented Lightweight
Information Exchange, defined in <a
href="https://datatracker.ietf.org/doc/rfc8322/">RFC
8322</a>. ROLIE defines a resource-oriented
approach for security automation information
publication, discovery, and sharing. Using this
approach, producers may publish, share, and
exchange representations of software descriptors,
security incidents, attack indicators, software
vulnerabilities, configuration checklists, and
other security automation information as
web-addressable resources. Furthermore, consumers
and other stakeholders may access and search this
security information as needed, establishing a
rapid and on-demand information exchange network
for restricted internal use or public access
repositories. The specification extends the Atom
Publishing Protocol and Atom Syndication Format
to transport and share security automation
resource representations.
</p>
</div>
</li>
<li data-aos="fade-up">
<em class="bx bx-help-circle icon-help"></em> <a data-toggle="collapse" href="#faq-list-8"
class="collapsed">How does OpenC2 relate to <a href="https://developer.cisco.com/docs/mud/#!what-is-mud">Manufacturer Usage Descriptions (MUD)</a>?<em class="bx bx-chevron-down icon-show"></em><em
class="bx bx-chevron-up icon-close"></em></a>
<div id="faq-list-8" class="collapse" data-parent=".faq-list">
<p>
Manufacturer Usage Description (MUD) is an
embedded software standard defined by the IETF
that allows IoT Device makers to advertise device
specifications, including the intended
communication patterns for their device when it
connects to the network. The network can then use
this intent to author a context-specific access
policy, so the device functions only within those
parameters. In this manner, MUD becomes the
authoritative identifier and enforcer of policy
for devices on the network. MUD is defined in <a
href="https://tools.ietf.org/html/rfc8520">RFC
8520</a>.
</p>
</div>
</li>
</ul>
</div>
</div>
</section><!-- End Frequently Asked Questions Section -->
</main><!-- End #main -->